Package: squid Version: 2.5.9-1 Severity: serious Tags: patch Please see http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
A race window has been discovered where Set-Cookie headers may leak to another users if the requested server relies on the now (since 1997) obsolete Netscape Set-Cookie specifications in how caches should handle the Set-Cookie header on otherwise cacheable content. The patch does not seem to be applied in 2.5.9. -- see shy jo
signature.asc
Description: Digital signature